Script: arpwatch.sh need some help

I am trying to make an actually simple script that basically gives the same
basic functionality as 'arpwatch' does. Unfortunately I couldn't find a source
or binary anywhere that could run on Tomato. Only an Optware package, but
I am usually running Entware and try to avoid switching just for this.

What I want to do is run this by scheduler (e.g. every 5 minutes) and
check the current ARP table (arp -a) either for all networks or just
the guest WLAN network (arp -a | grep " on br1"). Now I want to look up
if these MACs are either new to the network or old visitors, write them
to a logfile with date and time. If at the next check the MAC is gone,
it has disconnected and I want to write another entry to the log.

The purpose of this is I want to use it for a client who runs a small hotel
and wants to provide free (not public) Wifi for the guests. Now for legal
reasons we want to log all MAC addresses with timestamps with the
duration when they connect. In that case he has a good/decent chance
IF some legal matters should occur and he has to find out who was
using the Wifi at date XY. Sure, I know that is not 100%, but it's at least
something to go on then (so he can look up who the guests were at that
date, have their MACs and then get in contact with them about it).
Also it's a small hotel, so chances are that there are probably only 0-2
clients active at any time.

OK, long story short: I have the basic idea lined out in my head
and started on the script a bit, but somehow I am stuck right now.
Also it doesn't help that I am a total bash script noob and have to
google every tiny bit of this and make it work by trial and error.
Right now the errors are clearly winning.

Btw, writing the log to a SQL db sure would be awesome later on for
searching, but as said, it's a small network and it's not necessary, I guess.
Unless other people would want to use this too, then I sure would
install a sqlite or w/e on the router and live with it. Now I have chosen
to write it to a CSV-style file, which should be easy to retrieve stuff from later.

I am sure that instead of reading a textfile and then looping through all
lines this can be done easier and quicker with arrays, I guess, but as said
I am a noob and somehow can't think straight on this thing anymore.

Could someone help me in some parts of this or has some idea how
to make it simpler or a better approach to it?
Any input is much appreciated!

Code:

#!/bin/sh
rm -rf newlastmacs
touch newlastmacs
# need to define $current_daily_log
# rotate every day, move old logs to subfolder
if [ "`arp -a | grep ' on br0' | cut -d' ' -f4 | tr -d ':'`" != "" ]; then
    echo Found active clients.
    # write all current macs to file
    arp -a | grep " on br0" | cut -d' ' -f4 | tr -d ':' > /opt/tomato/logmacs/current
    currentmacs=`cat /opt/tomato/logmacs/current`
    for i in $currentmacs
    do
        # for every current MAC do:
        echo $i Checking
        if [ -f /opt/tomato/logmacs/$i ]; then
            #
            # OLD MAC (has a log)
            #
            echo $i has a log
            # if MAC is in lastmacs = still active since last check
            # no update needed
            # if MAC is NOT in lastmacs = MAC is returning
            # write CONNECT with timestamp to file
            # (append with >> so earlier entries for this MAC are kept)
            echo "CONNECT,"`date +%d.%m.%Y-%T`","`date +%s` >> /opt/tomato/logmacs/$i
            #
            # additionally, append MAC to a daily logfile
            # (if later on searching for a MAC with given date)
            # echo $i >> $current_daily_log
            # end of loop for MAC with log
        else
            #
            # NEW MAC (no log yet)
            #
            echo $i is new
            # create logfile for new MAC
            #
            # maybe get current IP and HOSTNAME and write to log too?
            #
            # and write CONNECT|date to it
            echo "CONNECT,"`date +%d.%m.%Y-%T`","`date +%s` > /opt/tomato/logmacs/$i
            #
            # additionally, append MAC to a daily logfile
            # (if later on searching for a MAC with given date)
            # echo $i >> $current_daily_log
            # end of loop for MAC without log
        fi
        # end of processing currentmacs
    done
    # check if lastmacs has content
    # lastmacs has content, then compare against currentmacs
    # MAC is not in currentmacs but in lastmacs = has now disconnected
    #
    #
    # read last line from logfile (must be CONNECT)
    # connect_stamp = only third ,data, part (=seconds)
    #
    # disconnect_stamp = date +%s (=seconds)
    #
    # duration = difference between connect and disconnect in human readable
    #
    # write DISCONNECT with current second-timestamp and duration to logfile
    #
    # echo "DISCONNECT,"`date +%d.%m.%Y-%T`","`date +%s`","$duration" >> /opt/tomato/logmacs/$i
    # MAC is both files = still connected
    # append MAC to newlastmacs
    # end of compare macs
    # end of lastmac content
    # if lastmac has NO content, but we have current clients
    # = everyone is new, already taken care of above
    # replace lastmacs with newlastmacs (=every MAC that is still active)
    # rm -rf lastmacs
    # mv newlastmacs lastmacs
    #
    # end of case if there are active clients
else
    #
    # No MACs are currently active and known
    #
    #
    echo No active clients found.
    # check if lastmacs exists AND has content = everyone has disconnected
    # for every mac in lastmacs, write to logfile
    #
    # read last line from logfile (must be CONNECT)
    # connect_stamp = only third ,data, part (=seconds)
    #
    # disconnect_stamp = date +%s (=seconds)
    #
    # duration = difference between connect and disconnect in human readable
    #
    # write DISCONNECT with current second-timestamp and duration to logfile
    #
    # echo "DISCONNECT,"`date +%d.%m.%Y-%T`","`date +%s`","$duration" >> /opt/tomato/logmacs/$i
    # then delete lastmacs
    # create empty lastmacs
    # lastmacs is empty = no new disconnects
    # nothing to do
    # end of case if there are no clients
fi
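
The current-versus-last comparison outlined in the post's comments, written out as an added example that is not part of the original post. The function names, the `current` and `lastmacs` state files kept beside the per-MAC logs, and the sample ARP lines are assumptions made for the illustration.

```shell
#!/bin/sh
# Added example: arpwatch-style CONNECT/DISCONNECT logging for a scheduler job.

# Print the MACs (lowercase, colons stripped) that `arp -a` output on stdin
# lists for interface $1. "<incomplete>" entries are skipped; only 12 hex
# digits pass, so a MAC is always safe to use as a file name.
parse_macs() {
    awk -v ifc="$1" '$(NF-1) == "on" && $NF == ifc {
        m = tolower($4); gsub(/:/, "", m)
        if (length(m) == 12 && m !~ /[^0-9a-f]/) print m
    }' | sort -u
}

# Format a number of seconds as HH:MM:SS.
hms() { printf '%02d:%02d:%02d' $(($1 / 3600)) $(($1 % 3600 / 60)) $(($1 % 60)); }

# Compare the MAC list on stdin with the previous run ($1/lastmacs) and append
# CONNECT / DISCONNECT rows to $1/<mac>. $2 = current epoch (default: now).
update_log() {
    dir=$1 now=${2:-$(date +%s)} stamp=$(date +%d.%m.%Y-%T)
    mkdir -p "$dir" && touch "$dir/lastmacs"
    cat > "$dir/current"
    while read -r mac; do   # current but not last: new or returning client
        grep -qx "$mac" "$dir/lastmacs" ||
            echo "CONNECT,$stamp,$now" >> "$dir/$mac"
    done < "$dir/current"
    while read -r mac; do   # last but not current: client has disconnected
        grep -qx "$mac" "$dir/current" && continue
        start=$(grep '^CONNECT,' "$dir/$mac" | tail -n 1 | cut -d, -f3)
        dur=$((now - ${start:-$now}))
        echo "DISCONNECT,$stamp,$now,$(hms "$dur")" >> "$dir/$mac"
    done < "$dir/lastmacs"
    mv "$dir/current" "$dir/lastmacs"
}

# Constructed sample of `arp -a` output (not captured from a real router).
SAMPLE_ARP='? (192.168.2.10) at AA:BB:CC:00:11:22 [ether]  on br1
? (192.168.2.11) at <incomplete>  on br1
? (192.168.1.5) at 00:11:22:33:44:55 [ether]  on br0'

# Scheduler entry on the router (guest network only): arpwatch.sh br1
if [ -n "${1:-}" ]; then
    arp -a | parse_macs "$1" | update_log "${2:-/opt/tomato/logmacs}"
fi
```

ARP entries linger for a while after a device leaves and many phones randomize their MAC per network, so the logged durations are approximate.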

I am trying to make an actually simple script that basically gives the same
basic functionality as 'arpwatch' does. Unfortunately I couldn't find a source
or binary anywhere that could run on Tomato. Only an Optware package, but
I am usually running Entware and try to avoid switching just for this.


Feel free to ask for new packages. Arpwatch has been added, please provide feedback.

Why don't you use Tomato RAF with Captive Portal and look at the var/log/acces.log created by Nocat.. you have MAC and timestamp .. then you can transfer it to any PC by log register ... ?


Oh nice! I didn't know NoCat did such a log. Gotta look for it now. Thanks Vic!

Btw, the NoCat in R1.1 and R1.1f did not seem stable to me. Even with a fresh flash
and nothing except WAN (DHCP) configured, as soon as I connected to the NoCat and
tapped on I AGREE, only very few websites worked randomly and the router rebooted
within <5 minutes after connect. But syslog didn't show anything about it. Weird.
Will try again the next few days.

Sorry philes, which router model do you have? In any case... we are finishing Nodog (a more stable Captive Portal) and the reboot issues were caused by iptables 'sorting' when other mods have been created in Tomato. As I said to Elfew, iptables starts to be a problem in Tomato....

Tests the last few days for NoCat were on an RT-N16 and E4200v1.
Yeah, I had a feeling it was related to iptables. But I don't think I
can fix it myself. I think for now the person who will receive the RT-N16 has to live without NoCat/Dog/Mouse, for now. But
everything else works flawlessly. Very happy with all your builds,
and no need to even try any others hehe.

Unfortunately it seems that the version in Entware now does not support the -s parameter to execute
a script on events like new MAC discovered etc., so it doesn't help me in this case. Back to doing it myself somehow.